Jackson's comments, commiserations, confabulations and simplifications on identity management and Microsoft's Active Directory all based on his continuous "reality tour" of meetings with customers, ISVs and Microsoft.

Monday, January 04, 2010

Speaking of PKI, again!

Certificate management used to be tough. There have not been a single tool to manage all the aspects of it and administrators had to launch all these certsrv.msc, certtmpl.msc, certutil.exe, ocsp.msc, pkiview.msc, and so on. We had no bulk operations, had to manage each certificate authority (CA) in a separate MMC snapin, and so on.
That is now all a thing in the past with the new PowerGUI/PowerShell-based certificate management admin console created by PowerShell MVP Vadims Podāns (here’s English translation of his blog) and shared for free here. Here’s a very quick summary of some of the features his tool has: Certificate Authorities management:
CRL Distribution Points (CDP)
Authority Information Access (AIA) settings
Review CRLs
Publish new CRLs
Change CRL publishing periods including overlap settings
Revoked Certificates
Issued Certificates
Pending requests
Failed requests
Issued certificate templates
Revoke/unrevoke certificates
Issue or deny pending requests for certificates
Add/remove certificate templates to issue
Change CRL/CRT/OCSP URL priorities Local certificate store management:
Import/Export certificates using various certificate types (such CER/pkcs12/pkcs7/SST)
Copy/move certificates between stores
Delete certificate from store
Validate certificates passing them through certificate chaining engine
Sign files Online Certificate Status Protocol (OCSP) Responders management:
Review and change OCSP Responder settings
Change OCSP URL priorities
All of these support bulk operations, filtering, and reporting. All are available with their source PowerShell code for your reference and scripting. Read more about the pack, see the screenshots, and download the tool here.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not represent those of my employer or anyone else for that matter. View this blog's privacy policy here.16 CFR § 255.5 disclosure: I am an employee of Quest Software.